This site may earn affiliate commissions from the links on this page. Terms of use.

If you've ever received a phone call from a carrier just as your contract is about to expire—your phone might have been compromised.

South Korea's second-largest mobile operator, KT Telecom, admitted Sunday that two computer programmers had infiltrated its network and stolen data from roughly 8.7 million customers.

The breach began in February but the telco only discovered it in July, when it reported it to Korean officials, according to reports. Two men were arrested for allegedly masterminding the campaign, and at least seven others were detained.

Stolen data included names, permanent resident ID numbers, contract dates and rates, and device models, according to Korean newspaper Dong-A Ilbo. Donga also said the thieves used this data to sell products and services to customers whose contracts were two months' away from expiring.

The two programmers had apparently spent ten years programming the custom hack for KT because the network pays telemarketers much more when customers switch over. One of the perpetrators runs a telemarketing firm.

How Did They Do That?Unfortunately, it's unclear how the hack took place or whether the network has been secured since then. Pity they didn't present their hack at Black Hat last week.

Korea's Cyber Terrorism Response Center at the National Police Agency released the following statement to reporters: "When the programmer sold the hacking program to other telemarketing firms, he secretively embedded malign codes and routed personal data that other firms stole from KT to his own server in real time."

Mulliner discovered he could remotely access lots of devices through mobile networks. He simply scanned the IPs of 3G networks in Europe and Australia ("not a fancy super duper hot technique" he notes) and gained root level access to the devices. He didn't probe the devices for legal reasons. Of course, the repercussions of his study are potentially much more dire.

Sara Yin is a junior analyst in the Software, Internet, and Networking group at PCmag.com, pouring most of her energy into app testing and security matters at Security Watch with Neil Rubenking. She lies awake at night pondering the state of mobile security (half-true).
Prior to joining PCMag.com, Sara spent five years reporting for publications in New York City (Huffington Post), Hong Kong (South China Morning Post), and Singapore (Campaign Asia, Men's Health).
Follow her on Twitter at @SecurityWatch and @sarapyin, or contact her the...
More »